Dear all,

I made some tests with the exim MTA and X.509 certificates that have a sha256WithRSAEncryption signature.

Exim can be linked against OpenSSL and initializes OpenSSL the standard way recommended by the manpages:

    SSL_load_error_strings();          /* basic set up */
    OpenSSL_add_ssl_algorithms();

I learned that OpenSSL_add_ssl_algorithms() is just an alias for SSL_library_init(). sha256WithRSAEncryption signatures can't be verified by exim because SSL_library_init() does not initialize SHA-256.

By additionally calling OpenSSL_add_all_digests() from exim, I got the verification to work. However, I think the better way of solving this is to initialize SHA-256 from SSL_library_init(). I believe all it takes is a simple call to

    EVP_add_digest(EVP_sha256());

What do you think?

Best regards,
Martin

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List
